Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integr
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim
A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in vic
Cross-Site Request Forgery (CSRF) vulnerability in ProRankTracker Pro Rank Tracker proranktracker allows Stored XSS.This issue affects Pro Rank Tracker: from n/a through <= 1.0.0.
A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into a
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. 
GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY
A Cross-Site Scripting (XSS) vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the event_id GET parameter is improperly handled. An attacker can cra
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. 
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
A vulnerability has been found in SourceCodester Online Graduate Tracer System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/admin
A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440). It allows an attacker to inject malicious scripts via the IW_SessionID_
A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious
A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malici
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 Track Page Scroll track-page-scroll allows Reflected XSS.This issue affects Track Pag
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated vi